Swagger Alerts examples

Retrieves (GET) and sets or updates (PUT) the alert management configuration.

Swagger GET /alertsConfig example

Perform the following steps to execute the API:
  1. Expand the Session section.
  2. Click GET /alertsConfig.
  3. Click Try it Out.
  4. Select the media type from the drop-down menu. This sets the Accept header in the curl command. Possible values are application/json and application/xml.
  5. Optionally, to get the alert configuration for one specific system only, enter its hostname in the text box.
  6. Click Execute.
    Swagger UI submits the request and shows the curl command that was submitted. If successful, the Responses section shows the response with an HTTP status code of 200 OK.
    Response body
    {
      "configIdsByHostname": {
        "system-name.com": "system-name.com"
      },
      "configs": null,
      "configsById": {
        "system-name.com": {
          "configs": [
            {
              "params": null,
              "responses": [],
              "type": "RTC_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "TE_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "AUDITD_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_CONTENT_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_ACCESS_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_DIRECTORY_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "HASH_MISMATCH_EVENT",
              "urgency": 0
            },
            ... (remaining alert type entries omitted)
    
          ]
        }
      }
    }

Swagger PUT /alertsConfig example

Perform the following steps to execute the API:
  1. Expand the Session section.
  2. Click PUT /alertsConfig.
  3. Click Try it Out.
  4. Select the media type from the drop-down menu. This sets the Accept header in the curl command. Possible values are application/json and application/xml.
  5. Supply the request body in the format shown after this list, where each type is one of the following values:
    • RTC_CONFIGURATION_CHANGE_REQUESTED
    • TE_CONFIGURATION_CHANGE_REQUESTED
    • AUDITD_CONFIGURATION_CHANGE_REQUESTED
    • FIM_CONTENT_CHANGED
    • FIM_ACCESS_CHANGED
    • FIM_DIRECTORY_CHANGED
    • HASH_MISMATCH_EVENT
    • METADATA_MISMATCH_EVENT
    • COMPLIANCE_PROFILE_APPLY
    • COMPLIANCE_PROFILE_UNDO
    • COMPLIANCE_CHECK
    • COMPLIANCE_SIMULATE
    • CORRELATION_PASS_FAILURE
    • IDPD_PORT_SCAN
    • PSAD_PORT_SCAN
    • PSAD_SIGNATURE_MATCH
    • AGENT_CONNECTIVITY
    • MALWARE_EVENT
    • MALWARE_DETECTED
    • BLOCKLIST_EVENT
    • SCHEDULED_COMMAND_FAILED
    • FAPOLICYD_BLOCKED_EVENT
    • PATCH_VERIFY_COMPLIANT
    • PATCH_VERIFY_NON_COMPLIANT
    • PATCH_UPDATE_FAILURE
    • PATCH_UPDATE_SUCCESS
    • PATCH_PULL_SUCCESS
    • PATCH_PULL_FAILURE
    • RANSOMWARE_DETECTED_EVENT
    {
      "configIdsByHostname": {
        "vm1.example.com": "id1",
        "vm2.example.com": "id2"
      },
      "configsById": {
        "id1": {
          "configs": [
            {
              "params": null,
              "responses": [],
              "type": "RTC_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "TE_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            }
          ]
        },
        "id2": {
          "configs": [
            {
              "params": null,
              "responses": [],
              "type": "AUDITD_CONFIGURATION_CHANGE_REQUESTED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_CONTENT_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_ACCESS_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "FIM_DIRECTORY_CHANGED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "COMPLIANCE_PROFILE_APPLY",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "COMPLIANCE_PROFILE_UNDO",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "COMPLIANCE_CHECK",
              "urgency": 0
            },
            {
              "params": {
                "ATTEMPTS": "5",
                "TIME_INTERVAL_MINS": "5"
              },
              "responses": [],
              "type": "CORRELATION_PASS_FAILURE",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "PSAD_PORT_SCAN",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "PSAD_SIGNATURE_MATCH",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "AGENT_CONNECTIVITY",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [
                {
                  "disabled": false,
                  "parameters": {
                    "toList": "admin@company.com"
                  },
                  "type": "email"
                }
              ],
              "type": "MALWARE_EVENT",
              "urgency": 2
            },
            {
              "params": null,
              "responses": [],
              "type": "BLOCKLIST_EVENT",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "SCHEDULED_COMMAND_FAILED",
              "urgency": 0
            },
            {
              "params": null,
              "responses": [],
              "type": "IDPD_PORT_SCAN",
              "urgency": 0
            }
          ]
        }
      }
    }
  6. Click Execute.

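    Swagger UI submits the request and shows the curl command that was submitted. If successful, the Responses section shows the response with an HTTP status code of 200 OK. To confirm the change, run GET /alertsConfig again and check that the returned alert types, urgency values, and responses (for example, the email toList) match what you intended.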